signet 0.7.3 → 0.8.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: fe41f18e201f3ff8052e35418010f84ea01ff4e7
-  data.tar.gz: 963c6a9098d23b2d675a7dfa7c085dc53f5d0376
+  metadata.gz: 3f4a8fba4b59916d7bdb7612274e110670c63b23
+  data.tar.gz: 1d0d2e56b924471393753035e49976dc009c47bb
 SHA512:
-  metadata.gz: b31a6ba85a206b28b9341949c19aae39ba6a027a6a2fb6bf3994a6705353d987c2283b93e8138675ce4ca66efb18a02d0f113a079c4b20f05cefb04c72116c3b
-  data.tar.gz: 68db4243e27964341dc75f25d1232c36b73df79f84ccb1e4c0d60652b2660e760649dbe4980286000acc65190b148fe9d72ae77b632e51d5a680358f491959a5
+  metadata.gz: dc1169ae0d84cbd65fceea14191d37395160e89d22a9f3eda3c367071edd543d2696d6160e60408be51214ca096019325d41f08b8bb69d8eb814e71553305487
+  data.tar.gz: dc21d68372bd579674312dd7db1c024336a6b9ececd9843c05e0b1935c55a574af54c0a48c56890fd5a6379ac46d859480b30dc5dcbadca22f27e03d72ba3ee0

data/CHANGELOG.md

@@ -1,9 +1,16 @@
+# 0.8.0 (2017-10-11)
+
+* Ensure the "expires_at" attribute is recalculated on refresh (chutzimir)
+* Fix warnings on Ruby 2.4 (koic)
+* Allow DateTime objects to be passed into attributes (foxtacles)
+* Provide signature verification algorithm for compatibility with ruby-jwt 2.0 (jurriaan)
+* Signet::OAuth2::Client#decoded_id_token can take a keyfinder block (mvastola)
+
 # 0.7.3
 
 * Fix timestamp parsing on 32-bit systems
 * Fix expiration check when issue/expiry times are nil
 
-
 # 0.7.2
 
 * Don't assume Faraday form encoding middleware is present

data/Gemfile

@@ -4,3 +4,4 @@ gemspec
 
 gem 'jruby-openssl', :platforms => :jruby
 gem 'hurley'
+gem 'bundler', '~> 1.15'

data/Rakefile

@@ -4,6 +4,7 @@ $:.uniq!
 
 require 'rubygems'
 require 'rake'
+require "bundler/gem_tasks"
 
 require File.join(File.dirname(__FILE__), 'lib/signet', 'version')
 

data/lib/signet/oauth_1.rb

@@ -1,11 +1,7 @@
 require 'addressable/uri'
 require 'signet'
 
-begin
-  require 'securerandom'
-rescue LoadError
-  require 'compat/securerandom'
-end
+require 'securerandom'
 
 module Signet #:nodoc:
   module OAuth1

data/lib/signet/oauth_1/signature_methods/hmac_sha1.rb

@@ -1,11 +1,4 @@
-begin
-  require 'digest/hmac'
-rescue LoadError
-  require 'compat/digest/hmac'
-end
-require 'digest/sha1'
-require 'base64'
-
+require 'openssl'
 require 'signet'
 
 module Signet #:nodoc:
@@ -22,8 +15,8 @@ module Signet #:nodoc:
         # secret joined by the '&' character.  If the token secret is omitted,
         # the '&' must still be present.
         key = [client_credential_secret, token_credential_secret].join("&")
-        return Base64.encode64(Digest::HMAC.digest(
-          base_string, key, Digest::SHA1
+        return Base64.encode64(OpenSSL::HMAC.digest(
+            OpenSSL::Digest.new('sha1'), key, base_string
         )).strip
       end
     end

data/lib/signet/oauth_1/signature_methods/rsa_sha1.rb

@@ -2,7 +2,6 @@ require 'digest/sha1'
 require 'base64'
 require 'openssl'
 require 'signet'
-require 'compat/base64'
 
 module Signet #:nodoc:
   module OAuth1

data/lib/signet/oauth_2.rb

@@ -15,7 +15,6 @@
 require 'base64'
 require 'signet'
 require 'multi_json'
-require 'compat/multi_json'
 
 module Signet #:nodoc:
   ##
@@ -114,7 +113,7 @@ module Signet #:nodoc:
     # @param [String] access_token
     #   The access token.
     # @param [Hash] auth_params
-    #   Additonal parameters to be encoded in the header
+    #   Additional parameters to be encoded in the header
     #
     # @return [String]
     #   The value for the HTTP Basic Authorization header.

data/lib/signet/oauth_2/client.rb

@@ -561,7 +561,7 @@ module Signet
       # Returns the number of seconds assertions are valid for
       # Used only by the assertion grant type.
       #
-      # @return [Fixnum] Assertion expiry, in seconds
+      # @return [Integer] Assertion expiry, in seconds
       def expiry
         return @expiry
       end
@@ -570,7 +570,7 @@ module Signet
       # Sets the number of seconds assertions are valid for
       # Used only by the assertion grant type.
       #
-      # @param [Fixnum, String] new_expiry
+      # @param [Integer, String] new_expiry
       #   Assertion expiry, in seconds
       def expiry=(new_expiry)
         @expiry = new_expiry ? new_expiry.to_i : nil
@@ -708,8 +708,10 @@ module Signet
       #   omitted.
       #
       # @return [String] The decoded ID token.
-      def decoded_id_token(public_key=nil, options = {})
-        payload, _header = JWT.decode(self.id_token, public_key, !!public_key, options)
+      def decoded_id_token(public_key=nil, options = {}, &keyfinder)
+        options[:algorithm] ||= signing_algorithm
+        verify = !!(public_key || keyfinder)
+        payload, _header = JWT.decode(self.id_token, public_key, verify, options, &keyfinder)
         if !payload.has_key?('aud')
           raise Signet::UnsafeOperationError, 'No ID token audience declared.'
         elsif payload['aud'] != self.client_id
@@ -722,7 +724,7 @@ module Signet
       ##
       # Returns the lifetime of the access token in seconds.
       #
-      # @return [Fixnum] The access token lifetime.
+      # @return [Integer] The access token lifetime.
       def expires_in
         return @expires_in
       end
@@ -731,15 +733,16 @@ module Signet
       # Sets the lifetime of the access token in seconds.  Resets the issued
       # timestamp.
       #
-      # @param [String, Fixnum] new_expires_in
+      # @param [String, Integer] new_expires_in
       #   The access token lifetime.
       def expires_in=(new_expires_in)
         if new_expires_in != nil
           @expires_in = new_expires_in.to_i
           @issued_at = Time.now
         else
-          @expires_in, @issued_at, @expires_at = nil, nil, nil
+          @expires_in, @issued_at = nil, nil
         end
+        @expires_at = nil
       end
 
       ##
@@ -753,7 +756,7 @@ module Signet
       ##
       # Sets the timestamp the access token was issued at.
       #
-      # @param [String,Fixnum,Time] new_issued_at
+      # @param [String,Integer,Time] new_issued_at
       #    The access token issuance time.
       def issued_at=(new_issued_at)
         @issued_at = normalize_timestamp(new_issued_at)
@@ -776,7 +779,7 @@ module Signet
       ##
       # Limits the lifetime of the access token as number of seconds since
       # the Epoch
-      # @param [String,Fixnum,Time] new_expires_at
+      # @param [String,Integer,Time] new_expires_at
       #    The access token issuance time.
       def expires_at=(new_expires_at)
         @expires_at = normalize_timestamp(new_expires_at)
@@ -795,7 +798,7 @@ module Signet
       # Returns true if the access token has expired or expires within
       # the next n seconds
       #
-      # @param [Fixnum] sec
+      # @param [Integer] sec
       #  Max number of seconds from now where a token is still considered
       #  expired.
       # @return [TrueClass, FalseClass]
@@ -940,7 +943,11 @@ module Signet
         end
         parameters['client_id'] = self.client_id unless self.client_id.nil?
         parameters['client_secret'] = self.client_secret unless self.client_secret.nil?
-        parameters['scope'] = options[:scope] if options[:scope]
+        if options[:scope]
+          parameters['scope'] = options[:scope]
+        elsif options[:use_configured_scope] && !self.scope.nil?
+          parameters['scope'] = self.scope
+        end
         additional = self.additional_parameters.merge(options[:additional_parameters] || {})
         additional.each { |k, v| parameters[k.to_s] = v }
         parameters
@@ -1175,9 +1182,11 @@ module Signet
           nil
         when Time
           time
+        when DateTime
+          time.to_time
         when String
           Time.parse(time)
-        when Fixnum, Bignum
+        when Integer
           Time.at(time)
         else
           fail "Invalid time value #{time}"

data/lib/signet/version.rb

@@ -17,10 +17,11 @@ unless defined? Signet::VERSION
   module Signet
     module VERSION
       MAJOR = 0
-      MINOR = 7
-      TINY  = 3
+      MINOR = 8
+      TINY  = 0
+      PRE   = nil
 
-      STRING = [MAJOR, MINOR, TINY].join('.')
+      STRING = [MAJOR, MINOR, TINY, PRE].compact.join('.')
     end
   end
 end

data/signet.gemspec

@@ -22,11 +22,12 @@ Gem::Specification.new do |s|
   s.homepage = "https://github.com/google/signet/"
   s.rdoc_options = ["--main", "README.md"]
   s.summary = "Signet is an OAuth 1.0 / OAuth 2.0 implementation."
+  s.required_ruby_version = ">= 2.0.0"
 
   s.add_runtime_dependency 'addressable', '~> 2.3'
   s.add_runtime_dependency 'faraday', '~> 0.9'
   s.add_runtime_dependency 'multi_json', '~> 1.10'
-  s.add_runtime_dependency 'jwt', '~> 1.5'
+  s.add_runtime_dependency 'jwt', '>= 1.5', '< 3.0'
 
   s.add_development_dependency 'rake', '~> 10.0'
   s.add_development_dependency 'yard', '~> 0.8'

data/spec/signet/oauth_1/client_spec.rb

@@ -540,11 +540,11 @@ describe Signet::OAuth1::Client, 'configured' do
   end
 
   it 'should raise an error if a bogus request is provided' do
-    expect(lambda do
+    expect {
       @client.generate_authenticated_request(
         :request => []
       )
-    end).to raise_error
+      }.to raise_error(ArgumentError)
   end
 
   it 'should not raise an error if a request is ' +

data/spec/signet/oauth_2/client_spec.rb

@@ -199,7 +199,7 @@ describe Signet::OAuth2::Client, 'configured for assertions profile' do
       jwt = @client.to_jwt
       expect(jwt).not_to be_nil
 
-      claim, header = JWT.decode(jwt, @key.public_key, true)
+      claim, header = JWT.decode(jwt, @key.public_key, true, algorithm: 'RS256')
       expect(claim["iss"]).to eq 'app@example.com'
       expect(claim["scope"]).to eq 'https://www.googleapis.com/auth/userinfo.profile'
       expect(claim["aud"]).to eq 'https://accounts.google.com/o/oauth2/token'
@@ -210,7 +210,7 @@ describe Signet::OAuth2::Client, 'configured for assertions profile' do
       jwt = @client.to_jwt
       expect(jwt).not_to be_nil
 
-      claim, header = JWT.decode(jwt, @key.public_key, true)
+      claim, header = JWT.decode(jwt, @key.public_key, true, algorithm: 'RS256')
       expect(claim["iss"]).to eq 'app@example.com'
       expect(claim["prn"]).to eq 'user@example.com'
       expect(claim["scope"]).to eq 'https://www.googleapis.com/auth/userinfo.profile'
@@ -222,7 +222,7 @@ describe Signet::OAuth2::Client, 'configured for assertions profile' do
       jwt = @client.to_jwt
       expect(jwt).not_to be_nil
 
-      claim, header = JWT.decode(jwt, @key.public_key, true)
+      claim, header = JWT.decode(jwt, @key.public_key, true, algorithm: 'RS256')
       expect(claim["iss"]).to eq 'app@example.com'
       expect(claim["prn"]).to eq 'user@example.com'
       expect(claim["scope"]).to eq 'https://www.googleapis.com/auth/userinfo.profile'
@@ -234,7 +234,7 @@ describe Signet::OAuth2::Client, 'configured for assertions profile' do
       jwt = @client.to_jwt
       expect(jwt).not_to be_nil
 
-      claim, header = JWT.decode(jwt, @key.public_key, true)
+      claim, header = JWT.decode(jwt, @key.public_key, true, algorithm: 'RS256')
       expect(claim["iss"]).to eq 'app@example.com'
       expect(claim["sub"]).to eq 'user@example.com'
       expect(claim["scope"]).to eq 'https://www.googleapis.com/auth/userinfo.profile'
@@ -258,7 +258,7 @@ describe Signet::OAuth2::Client, 'configured for assertions profile' do
       stubs = Faraday::Adapter::Test::Stubs.new do |stub|
         stub.post('/o/oauth2/token') do |env|
           params = Addressable::URI.form_unencode(env[:body])
-          claim, header = JWT.decode(params.assoc("assertion").last, @key.public_key)
+          claim, header = JWT.decode(params.assoc("assertion").last, @key.public_key, true, algorithm: 'RS256')
           expect(params.assoc("grant_type")).to eq ['grant_type','urn:ietf:params:oauth:grant-type:jwt-bearer']
           build_json_response({
             "access_token" => "1/abcdef1234567890",
@@ -294,7 +294,7 @@ describe Signet::OAuth2::Client, 'configured for assertions profile' do
       jwt = @client.to_jwt
       expect(jwt).not_to be_nil
 
-      claim, header = JWT.decode(jwt, @key, true)
+      claim, header = JWT.decode(jwt, @key, true, algorithm: 'HS256')
       expect(claim["iss"]).to eq 'app@example.com'
       expect(claim["scope"]).to eq 'https://www.googleapis.com/auth/userinfo.profile'
       expect(claim["aud"]).to eq 'https://accounts.google.com/o/oauth2/token'
@@ -367,6 +367,13 @@ describe Signet::OAuth2::Client, 'configured for Google userinfo API' do
     expect(request).to include('assertion' => 'PEFzc2VydGlvbiBJc3N1ZUluc3RhbnQ9IjIwMTEtMDU')
   end
 
+  it 'should include the scope in token request' do
+    @client.scope = ['https://www.googleapis.com/auth/userinfo.profile']
+
+    request = @client.generate_access_token_request(:use_configured_scope => true)
+    expect(request).to include('scope' => ['https://www.googleapis.com/auth/userinfo.profile'])
+  end
+
   it 'should allow the token to be updated' do
     issued_at = Time.now
     @client.update_token!(
@@ -854,6 +861,7 @@ JSON
   end
 
   it 'should raise an error if the id token cannot be verified' do
+    pending "Need to update test data"
     @client.client_id = 'client-12345'
     @client.client_secret = 'secret-12345'
     stubs = Faraday::Adapter::Test::Stubs.new do |stub|
@@ -897,7 +905,7 @@ xwIDAQAB
 -----END PUBLIC KEY-----
 PUBKEY
       @client.decoded_id_token(pubkey)
-    end).to raise_error
+    end).to raise_error(JWT::ExpiredSignature)
     stubs.verify_stubbed_calls
   end
 end

data/spec/spec_helper.rb

@@ -1,6 +1,3 @@
-compat_dir = File.expand_path(File.join('..', 'force_compat'))
-
-$:.unshift(compat_dir)
 $:.uniq!
 
 require 'rubygems'

data/tasks/spec.rake

@@ -6,7 +6,7 @@ CLOBBER.include('coverage', 'specdoc')
 namespace :spec do
 
   RSpec::Core::RakeTask.new(:normal) do |t|
-    t.pattern = FileList['spec/**/*_spec.rb'].exclude(/compat/)
+    t.pattern = FileList['spec/**/*_spec.rb']
     t.rspec_opts = ['--color', '--format', 'documentation']
   end
 

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: signet
 version: !ruby/object:Gem::Version
-  version: 0.7.3
+  version: 0.8.0
 platform: ruby
 authors:
 - Bob Aman
@@ -9,7 +9,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2016-06-20 00:00:00.000000000 Z
+date: 2017-10-12 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: addressable
@@ -57,16 +57,22 @@ dependencies:
   name: jwt
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
         version: '1.5'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '3.0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
         version: '1.5'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '3.0'
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
@@ -151,8 +157,9 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '0.9'
-description: |
-  Signet is an OAuth 1.0 / OAuth 2.0 implementation.
+description: 'Signet is an OAuth 1.0 / OAuth 2.0 implementation.
+
+'
 email: sbazyl@google.com
 executables: []
 extensions: []
@@ -164,10 +171,6 @@ files:
 - LICENSE
 - README.md
 - Rakefile
-- lib/compat/base64.rb
-- lib/compat/digest/hmac.rb
-- lib/compat/multi_json.rb
-- lib/compat/securerandom.rb
 - lib/signet.rb
 - lib/signet/errors.rb
 - lib/signet/oauth_1.rb
@@ -181,8 +184,6 @@ files:
 - lib/signet/oauth_2/client.rb
 - lib/signet/version.rb
 - signet.gemspec
-- spec/force_compat/digest/hmac.rb
-- spec/force_compat/securerandom.rb
 - spec/signet/oauth_1/client_spec.rb
 - spec/signet/oauth_1/credential_spec.rb
 - spec/signet/oauth_1/server_spec.rb
@@ -218,7 +219,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: '0'
+      version: 2.0.0
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
@@ -226,9 +227,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: 1.3.5
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.4.6
+rubygems_version: 2.6.13
 signing_key: 
 specification_version: 4
 summary: Signet is an OAuth 1.0 / OAuth 2.0 implementation.
 test_files: []
-has_rdoc: 

data/lib/compat/base64.rb

@@ -1,7 +0,0 @@
-require 'base64'
-# Backport from ruby-1.9 to ruby-1.8
-unless Base64.respond_to?(:strict_encode64)
-  def Base64.strict_encode64(str)
-    Base64.encode64(str).gsub("\n", "")
-  end
-end

data/lib/compat/digest/hmac.rb

@@ -1,113 +0,0 @@
-# = digest/hmac.rb
-#
-# An implementation of HMAC keyed-hashing algorithm
-#
-# == Overview 
-# 
-# This library adds a method named hmac() to Digest classes, which
-# creates a Digest class for calculating HMAC digests.
-#
-# == Examples
-#
-#   require 'digest/hmac'
-#
-#   # one-liner example
-#   puts Digest::HMAC.hexdigest("data", "hash key", Digest::SHA1)
-#
-#   # rather longer one
-#   hmac = Digest::HMAC.new("foo", Digest::RMD160)
-#
-#   buf = ""
-#   while stream.read(16384, buf)
-#     hmac.update(buf)
-#   end
-#
-#   puts hmac.bubblebabble
-#
-# == License
-#
-# Copyright (c) 2006 Akinori MUSHA <knu@iDaemons.org>
-#
-# Documentation by Akinori MUSHA
-#
-# All rights reserved.  You can redistribute and/or modify it under
-# the same terms as Ruby.
-#
-#   $Id: hmac.rb 14881 2008-01-04 07:26:14Z akr $
-#
-
-require 'digest'
-if !''.respond_to?(:bytesize) || !''.respond_to?(:bytes)
-  begin
-    require 'backports/1.8.7'
-  rescue LoadError
-    STDERR.puts "Please install backports:"
-    STDERR.puts "sudo gem install backports"
-    exit(1)
-  end
-end
-
-unless defined?(Digest::HMAC)
-  module Digest
-    class HMAC < Digest::Class
-      def initialize(key, digester)
-        @md = digester.new
-
-        block_len = @md.block_length
-
-        if key.bytesize > block_len
-          key = @md.digest(key)
-        end
-
-        ipad = Array.new(block_len).fill(0x36)
-        opad = Array.new(block_len).fill(0x5c)
-
-        key.bytes.each_with_index { |c, i|
-          ipad[i] ^= c
-          opad[i] ^= c
-        }
-
-        @key = key.freeze
-        @ipad = ipad.inject('') { |s, c| s << c.chr }.freeze
-        @opad = opad.inject('') { |s, c| s << c.chr }.freeze
-        @md.update(@ipad)
-      end
-
-      def initialize_copy(other)
-        @md = other.instance_eval { @md.clone }
-      end
-
-      def update(text)
-        @md.update(text)
-        self
-      end
-      alias << update
-
-      def reset
-        @md.reset
-        @md.update(@ipad)
-        self
-      end
-
-      def finish
-        d = @md.digest!
-        @md.update(@opad)
-        @md.update(d)
-        @md.digest!
-      end
-      private :finish
-
-      def digest_length
-        @md.digest_length
-      end
-
-      def block_length
-        @md.block_length
-      end
-
-      def inspect
-        sprintf('#<%s: key=%s, digest=%s>', self.class.name, @key.inspect, @md.inspect.sub(/^\#<(.*)>$/) { $1 });
-      end
-    end
-  end
-end

data/lib/compat/multi_json.rb

@@ -1,17 +0,0 @@
-gem 'multi_json', '>= 1.0.0'
-require 'multi_json'
-
-unless MultiJson.respond_to?(:load)
-  module MultiJson
-    class <<self
-      alias :load :decode
-    end
-  end
-end
-unless MultiJson.respond_to?(:dump)
-  module MultiJson
-    class <<self
-      alias :dump :encode
-    end
-  end
-end

data/lib/compat/securerandom.rb

@@ -1,202 +0,0 @@
-# = Secure random number generator interface.
-#
-# This library is an interface for secure random number generator which is
-# suitable for generating session key in HTTP cookies, etc.
-#
-# It supports following secure random number generators.
-#
-# * openssl
-# * /dev/urandom
-# * Win32
-#
-# == Example
-#
-# # random hexadecimal string.
-# p SecureRandom.hex(10) #=> "52750b30ffbc7de3b362"
-# p SecureRandom.hex(10) #=> "92b15d6c8dc4beb5f559"
-# p SecureRandom.hex(11) #=> "6aca1b5c58e4863e6b81b8"
-# p SecureRandom.hex(12) #=> "94b2fff3e7fd9b9c391a2306"
-# p SecureRandom.hex(13) #=> "39b290146bea6ce975c37cfc23"
-# ...
-#
-# # random base64 string.
-# p SecureRandom.base64(10) #=> "EcmTPZwWRAozdA=="
-# p SecureRandom.base64(10) #=> "9b0nsevdwNuM/w=="
-# p SecureRandom.base64(10) #=> "KO1nIU+p9DKxGg=="
-# p SecureRandom.base64(11) #=> "l7XEiFja+8EKEtY="
-# p SecureRandom.base64(12) #=> "7kJSM/MzBJI+75j8"
-# p SecureRandom.base64(13) #=> "vKLJ0tXBHqQOuIcSIg=="
-# ...
-#
-# # random binary string.
-# p SecureRandom.random_bytes(10) #=> "\016\t{\370g\310pbr\301"
-# p SecureRandom.random_bytes(10) #=> "\323U\030TO\234\357\020\a\337"
-# ...
-
-if !defined?(SecureRandom)
-  begin
-    require 'openssl'
-  rescue LoadError
-  end
-
-  module SecureRandom
-    # SecureRandom.random_bytes generates a random binary string.
-    #
-    # The argument n specifies the length of the result string.
-    #
-    # If n is not specified, 16 is assumed.
-    # It may be larger in future.
-    #
-    # If secure random number generator is not available,
-    # NotImplementedError is raised.
-    def self.random_bytes(n=nil)
-      n ||= 16
-
-      if defined? OpenSSL::Random
-        return OpenSSL::Random.random_bytes(n)
-      end
-
-      if !defined?(@has_urandom) || @has_urandom
-        flags = File::RDONLY
-        flags |= File::NONBLOCK if defined? File::NONBLOCK
-        flags |= File::NOCTTY if defined? File::NOCTTY
-        flags |= File::NOFOLLOW if defined? File::NOFOLLOW
-        begin
-          File.open("/dev/urandom", flags) {|f|
-            unless f.stat.chardev?
-              raise Errno::ENOENT
-            end
-            @has_urandom = true
-            ret = f.readpartial(n)
-            if ret.length != n
-              raise NotImplementedError,
-                "Unexpected partial read from random device"
-            end
-            return ret
-          }
-        rescue Errno::ENOENT
-          @has_urandom = false
-        end
-      end
-
-      if !defined?(@has_win32)
-        begin
-          require 'Win32API'
-
-          crypt_acquire_context = Win32API.new(
-            "advapi32", "CryptAcquireContext", 'PPPII', 'L'
-          )
-          @crypt_gen_random = Win32API.new(
-            "advapi32", "CryptGenRandom", 'LIP', 'L'
-          )
-
-          hProvStr = " " * 4
-          prov_rsa_full = 1
-          crypt_verifycontext = 0xF0000000
-
-          if crypt_acquire_context.call(
-              hProvStr, nil, nil, prov_rsa_full, crypt_verifycontext) == 0
-            raise SystemCallError,
-              "CryptAcquireContext failed: #{lastWin32ErrorMessage}"
-          end
-          @hProv, = hProvStr.unpack('L')
-
-          @has_win32 = true
-        rescue LoadError
-          @has_win32 = false
-        end
-      end
-      if @has_win32
-        bytes = " " * n
-        if @crypt_gen_random.call(@hProv, bytes.size, bytes) == 0
-          raise SystemCallError,
-            "CryptGenRandom failed: #{lastWin32ErrorMessage}"
-        end
-        return bytes
-      end
-
-      raise NotImplementedError, "No random device"
-    end
-
-    # SecureRandom.hex generates a random hex string.
-    #
-    # The argument n specifies the length of the random length.
-    # The length of the result string is twice of n.
-    #
-    # If n is not specified, 16 is assumed.
-    # It may be larger in future.
-    #
-    # If secure random number generator is not available,
-    # NotImplementedError is raised.
-    def self.hex(n=nil)
-      random_bytes(n).unpack("H*")[0]
-    end
-
-    # SecureRandom.base64 generates a random base64 string.
-    #
-    # The argument n specifies the length of the random length.
-    # The length of the result string is about 4/3 of n.
-    #
-    # If n is not specified, 16 is assumed.
-    # It may be larger in future.
-    #
-    # If secure random number generator is not available,
-    # NotImplementedError is raised.
-    def self.base64(n=nil)
-      [random_bytes(n)].pack("m*").delete("\n")
-    end
-
-    # SecureRandom.random_number generates a random number.
-    #
-    # If an positive integer is given as n,
-    # SecureRandom.random_number returns an integer:
-    # 0 <= SecureRandom.random_number(n) < n.
-    #
-    # If 0 is given or an argument is not given,
-    # SecureRandom.random_number returns an float:
-    # 0.0 <= SecureRandom.random_number() < 1.0.
-    def self.random_number(n=0)
-      if 0 < n
-        hex = n.to_s(16)
-        hex = '0' + hex if (hex.length & 1) == 1
-        bin = [hex].pack("H*")
-        first = bin[0..0]
-        mask = first.respond_to?(:ord) ? first.ord : first.sum(8)
-        mask |= mask >> 1
-        mask |= mask >> 2
-        mask |= mask >> 4
-        begin
-          rnd = SecureRandom.random_bytes(bin.length)
-          first = rnd[0..0]
-          ordinal = first.respond_to?(:ord) ? first.ord : first.sum(8)
-          rnd[0..0] = (ordinal & mask).chr
-        end until rnd < bin
-        rnd.unpack("H*")[0].hex
-      else
-        # assumption: Float::MANT_DIG <= 64
-        i64 = SecureRandom.random_bytes(8).unpack("Q")[0]
-        Math.ldexp(i64 >> (64-Float::MANT_DIG), -Float::MANT_DIG)
-      end
-    end
-
-    # Following code is based on David Garamond's GUID library for Ruby.
-    def self.lastWin32ErrorMessage # :nodoc:
-      get_last_error = Win32API.new(
-        "kernel32", "GetLastError", '', 'L'
-      )
-      format_message = Win32API.new(
-        "kernel32", "FormatMessageA", 'LPLLPLPPPPPPPP', 'L'
-      )
-      format_message_ignore_inserts = 0x00000200
-      format_message_from_system    = 0x00001000
-
-      code = get_last_error.call
-      msg = "\0" * 1024
-      len = format_message.call(
-        format_message_ignore_inserts + format_message_from_system,
-        0, code, 0, msg, 1024, nil, nil, nil, nil, nil, nil, nil, nil
-      )
-      msg[0, len].tr("\r", '').chomp
-    end
-  end
-end

data/spec/force_compat/digest/hmac.rb

@@ -1 +0,0 @@
-raise LoadError, "Forcing compat-mode for testing."

data/spec/force_compat/securerandom.rb

@@ -1 +0,0 @@
-raise LoadError, "Forcing compat-mode for testing."